Apache Tomcat 7

  Aleksa Vukotic, James Goodwill

  Copyright © 2011 by Aleksa Vukotic and James Goodwill All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

  ISBN-13 (pbk): 978-1-4302-3723-5

  ISBN-13 (electronic): 978-1-4302-3724-2

  Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

  The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

  President and Publisher: Paul Manning
  Lead Editor: Chris Nelson
  Technical Reviewer: Chád Darby
  Editorial Board: Steve Anglin, Mark Beckner, Ewan Buckingham, Gary Cornell, Jonathan Gennick, Jonathan Hassell, Michelle Lowman, James Markham, Matthew Moodie, Jeff Olson, Jeffrey Pepper, Frank Pohlmann, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh
  Coordinating Editor: Corbin Collins
  Copy Editor: Tracy Brown
  Compositor: Bytheway Publishing Services
  Indexer: SPI Global
  Artist: SPI Global
  Cover Designer: Anna Ishchenko

  Distributed to the book trade worldwide by Springer Science+Business Media, LLC., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com.

  For information on translations, please e-mail rights@apress.com, or visit www.apress.com. Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at www.apress.com/bulk-sales.

  The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.

  The source code shown in this book is available to readers at apress.com. You will need to answer questions pertaining to this book in order to successfully download the code.

  

To Jelica

  –Aleksa Vukotic

Contents at a Glance

  About the Authors
  About the Technical Reviewer
  Acknowledgments
  Preface
  Chapter 1: Introduction to Apache Tomcat 7
  Chapter 2: Deploying Web Applications to Tomcat
  Chapter 3: Servlets, JSPs and ServletContext
  Chapter 4: Using Tomcat’s Manager Web Application
  Chapter 5: HTTP Sessions
  Chapter 6: Configuring Security Realms
  Chapter 7: Securing Tomcat with SSL
  Chapter 8: Valves and Servlet Filters
  Chapter 9: Embedding Tomcat
  Chapter 10: Integrating Apache Web Server
  Chapter 11: Integrating Spring MVC Framework
  Chapter 12: Logging in Tomcat
  Chapter 13: Configuring JNDI in Tomcat
  Appendix A: Server.xml File
  Appendix B: The Web.xml File
  Index

Contents

  

About the Authors

About the Technical Reviewer

Acknowledgments

Preface

  

Chapter 1: Introduction to Apache Tomcat 7

  The Apache Tomcat Server
    The Tomcat Manager Web Application
    Specialized Realm Implementations
    Tomcat Valves
    Further Information
  The Architecture of Tomcat
    The Server
    The Service
    The Connector
    The Engine
    The Host
    The Context
  Installing and Configuring Tomcat
    Requirements for Installing and Configuring Tomcat
    Installing Tomcat Using Windows Service Installer
    Manually Installing on Windows
    Installing to Linux
  Testing Your Tomcat Installation
  Summary

Chapter 2: Deploying Web Applications to Tomcat

  The Tomcat Directory Structure
    Executing Tomcat scripts
    Passing Runtime Options to Catalina Script
    Tomcat Configuration Files
  Java Web Applications
    The Directory Structure
    The Deployment Descriptor
  Manually Deploying Web Applications to Tomcat
    Creating the Web Application Directory Structure
    Adding Static Content
    Adding JSPs
    Adding Servlets
    Deploying WAR Archive
    Other Methods of Deployment
  Configuring Hosts and Contexts
    Configuring Hosts
    Configuring Web Application Contexts
  Deploying a Web Application from Eclipse IDE
    Updating Eclipse for Java Web Development
    Creating a Dynamic Web Project
    Adding Tomcat Runtime Environment
    Deploying a Java Web Project to Tomcat from Eclipse
  Summary

  

Chapter 3: Servlets, JSPs and ServletContext

  Servlets
    The Lifecycle of a Servlet
    ServletRequest and ServletResponse
    The GenericServlet and HttpServlet Classes
    Configuring a Servlet in a Servlet Container
    Servlet API 3.0
  Java Server Pages
    Lifecycle of Java Server Pages
    The Components of a Java Server Pages
    JSP Directives
    JSP Scripting
  Relationship Between Servlets and ServletContext
  Summary

Chapter 4: Using Tomcat’s Manager Web Application

  What Is the Manager Web Application?
  Gaining Access to the Manager Web Application
  Accessing the Manager Web Application Using Web Interface
    Listing Deployed Web Applications
    Checking Server Status
    Deploying a New Web Application
    Reloading an Existing Web Application
    Sessions
    Stop
    Start
    Undeploy
  Using a Text-Based Interface to Access Manager Web Application
    Installing Ant
    Configuring Tomcat’s Ant Tasks
    Running Ant Scripts
  Summary

Chapter 5: HTTP Sessions

  The Servlet Implementation of HTTP sessions
    Shopping Basket Session Example
    Invalidating a Session
  Session Management in Tomcat
    StandardManager
    PersistentManager
  Summary

Chapter 6: Configuring Security Realms

  Security Realms
  MemoryRealm
    Protecting a Resource with a MemoryRealm
    Protection Against Brute Force Attacks
    UserDatabaseRealm
  JDBC Realms
    Creating the Users Database
    Configuring Tomcat to Use a JDBCRealm
    Configuring FORM-Based Authentication with JDBCRealm
    DataSourceRealm
    The Benefits of Using a JDBCRealm
  JNDIRealm
  Accessing an Authenticated User
  Summary

  

Chapter 7: Securing Tomcat with SSL

  Introduction to SSL
    What SSL Does
    How SSL works
  Configuring Tomcat with SSL
    Creating Keystore with SSL Certificate
    Configuring Tomcat’s SSL Connector
    Configuring Secure Resources in the Web Application
    Installing a Certificate from the Certificate Authority
  Secure Session Tracking with Tomcat
  Summary

Chapter 8: Valves and Servlet Filters

  Introduction to Valves and Filters
    What Is a Tomcat Valve?
    What Is a Servlet Filter?
  Tomcat Valves vs. Servlet Filters
  Configuring Tomcat Valves
    Implementing a Custom Valve
    The Access Log Valve
    The Remote Address Valve
    Crawler Session Manager Valve
    Dead Thread Detection Valve
  Configuring Servlet Filters
    Implementing a Servlet Filter
    Request Dumper Filter
    Expires Filter
    Cross-Site Request Forgery Prevention Filter
  Summary

Chapter 9: Embedding Tomcat

  Requirements for Embedding Tomcat
  Embedded Tomcat Java Components
  Implementing a Sample Application with Embedded Tomcat
  Testing Servlets with Embedded Tomcat
  Summary

Chapter 10: Integrating Apache Web Server

  What Is the Apache Web Server?
  Integrating Tomcat and Apache Web Server
    Using mod_proxy
    Using mod_jk
    Which Approach to Use
  Load Balancing
  Summary

Chapter 11: Integrating Spring MVC Framework

  Introducing Spring MVC
    Spring Framework Overview
    MVC Pattern
    Front Controller Pattern
  Spring MVC Web Applications
    Configuring DispatcherServlet
    Adding Views
    Implementing Controllers
    Wiring Spring Application Context
  Summary

  

Chapter 12: Logging in Tomcat

  Using Tomcat’s JULI Logging Library
    Introduction to Java Logging and JULI libraries
    Configuring Internal Tomcat Logging with JULI
    Configuring Web Application Logging with JULI
  Using Log4j Library for Web Application Logging
    PatternLayout
    Using Log4j for Tomcat Internal Logging
    Using Log4j for Web Application Logging
  Web Application Logging Using Slf4j Library
    Using Slf4j
  Summary

  

Chapter 13: Configuring JNDI in Tomcat

  Introduction to JNDI
    JNDI API Overview
    Tomcat JNDI Configuration
  Configuring the Database Connection
    Introducing JDBC
    Configuring Data Source as a JNDI Resource
  Configuring Mail Session
    Introducing JavaMail
    Configuring Mail Session as a JNDI Resource
  Summary

  

Appendix A: Server.xml File

  Containers
    The Server Container
    The Service Container
    The Engine Container
    The Host Container
    The Context Container
  Connectors
    The HTTP Connector
    The AJP Connector
  Summary

Appendix B: The Web.xml File

  The Basic web.xml Configuration
  Adding a Servlet Definition
    Adding a Servlet Mapping
    Configuring a Servlet Using Annotations
  Adding a Servlet Filter
    Configuring Filter Mapping
    Configuring Servlet Filter Using Annotations
  Configuring ServletContext Parameters
  Configuring the Session
  Adding a Welcome File List
  Configuring Error Handlers
  Configuring Mime Types
  Configuring Web Application Security
    Adding a Security Constraint
    Adding a Login Config
  Summary

Index

About the Authors

  Aleksa Vukotic is a keen agile advocate, author, trainer, software architect, and developer, and has years of experience leading successful deliveries of business critical software projects.

  He has a track record of success with the agile transformation of large companies, helping senior management lead the way in turning business requirements into effective software products. Aleksa has vast experience with Java technologies, and has been involved with the Spring Framework since the early days, becoming an expert in enterprise Java development with Spring, along with other open-source technologies. In addition to his Java EE expertise, Aleksa often utilizes his problem-solving skills to tackle the most complex issues that arise with projects. This combination of high-level management skills and technical knowledge has made Aleksa invaluable in motivating software teams to bring out the best in themselves and make rapid progress toward successful project delivery. His experience includes working with large and small teams on all levels—from high-level management, planning, and architecture to low-level technical implementation of critical software components. Aleksa co-authored Pro Spring 2.5, published by Apress, and has had several articles published in respected open-source publications. Aleksa is currently working at Open Credo, a London-based company of technical experts specializing in maximizing software development value for its clients. Outside of the working environment, Aleksa enjoys following football and exploring the latest technology gadgets.

  James Goodwill is an eight-time published author on leading technologies such as Java Servlets, JavaServer Pages (JSPs), Tomcat, and Struts. He is a senior enterprise iOS and Java consultant in the Denver metro area and a frequent speaker and article writer. You can follow James on Twitter at jamesgoodwill.


About the Technical Reviewer

  Chád Darby is an author, instructor, and speaker in the Java development world. As a recognized authority on Java applications and architectures, he has presented technical sessions at software development conferences worldwide. In his 15 years as a professional software architect, he’s had the opportunity to work for Blue Cross/Blue Shield, Merck, Boeing, Northrop Grumman, and other IT companies.

  Chád is a contributing author to several Java books, including Professional Java E-Commerce (Wrox Press), Beginning Java Networking (Wrox Press), and XML and Web Services Unleashed (Sams, 2002). He is also the author of numerous magazine articles for the Java Developer’s Journal (Sys-Con Publishing).

  Chád has Java certifications from Sun Microsystems and IBM. He holds a B.S. in Computer Science from Carnegie Mellon University. In his free time, Chád enjoys running half-marathons.


Acknowledgments

  I would like to thank Jelica, for standing beside me during the writing of this book. Without her support and encouragement, completing this book would have been a much more difficult task.

  I’d also like to thank my parents for providing me with the life guidance that enabled me to be where I am. I would like to express my gratitude to all the people helping me to make this book better: Chád Darby, who helped to achieve a higher technical standard for this book; Chris Nelson, who patiently helped me improve my writing style and make the book read better with his excellent editorial skills; Corbin Collins, Steve Anglin, and everyone else at Apress for all the hard work they did to get this book published.

  Big thanks to all who contribute to the Apache Tomcat project and other open-source software for being part of a community that creates such great products. And finally, I’d like to thank all my colleagues and friends with whom I’ve worked throughout my career, for contributing to my professional development, which prepared me to be co-author of this book.

  —Aleksa Vukotic


Preface

  The first edition of this book covered the then-new Jakarta Tomcat 4. Tomcat has come a long way from there, becoming Apache Tomcat in the process, with version 7 released in January 2011. During this time, Tomcat has become the most popular and used Java servlet container on the market. Other open source application servers also have started using Tomcat as their embedded servlet engine. With the shift of focus in enterprise Java development toward more lightweight architecture and tools, Tomcat has grown to become the deployment platform of choice for business-critical enterprise Java applications.

  This edition has been revised to cover the latest features of Apache Tomcat 7 and Servlet API 3.0. In the world of technology, changes are introduced quickly, and yesterday’s new ideas are the legacy systems of tomorrow. Although Tomcat is still a leading open source servlet container, a lot has changed in Java web technologies since version 4. The biggest change was the Java Servlet specification, which advanced to version 3.0, bringing a lot of new features along the way.

  This book is based on the original text by James Goodwill, and the concepts and structure of the original book have been kept where possible. However, where the changes to Tomcat architecture and Java Servlet specification have been too great, the text was changed significantly, and some chapters have been entirely rewritten. In addition, some of the chapters from the original book have been removed, because they are now outdated. Instead, new chapters, covering up-to-date Tomcat concepts and Java web technologies, have been included. All code and configuration examples have been either updated to use up-to-date Tomcat 7 and Servlet API 3 syntax and structure, or have been entirely replaced to match the architectural changes to the underlying technology.

  This book will be useful to the reader who is familiar with Java, but new to servlet development with Tomcat. That’s why it contains an introduction to the development of Java web applications using servlets and JSPs. Server administrators new to Tomcat 7 also will find a lot of useful information in this book related to Tomcat management and configuration tasks.

  It was not the aim of the authors to provide a detailed Tomcat reference covering all aspects of Tomcat configuration. The authors did try to write a book that introduces Tomcat in the context of web application development, so that readers can implement, deploy, and manage their Java web applications using Apache Tomcat 7 server. This is a practical guide to Apache Tomcat, with a lot of real-world examples and solutions to common problems in web application development and deployment.

  We hope you will find this book useful in your day-to-day experience with Tomcat—that would mean it has served its purpose.


Chapter 1

Introduction to Apache Tomcat 7

  In this chapter, we introduce the world of Apache Tomcat server.

  Throughout this chapter, we

  - Describe the Apache Tomcat architecture
  - Discuss the requirements for installing and configuring Tomcat
  - Describe the steps of installing and configuring Tomcat
  - Test your Tomcat installation

  At the end of this chapter, you will understand the Tomcat architecture, have an instance of Tomcat server installed and running on your computer, and have a sample web application displayed in your browser.

The Apache Tomcat Server

  The Apache Tomcat server is an open source, Java-based web application container that was created to run servlet and JavaServer Pages (JSP) web applications. It was created under the Apache-Jakarta subproject; however, due to its popularity, it is now hosted as a separate Apache project, where it is supported and enhanced by a group of volunteers from the open source Java community.

  Apache Tomcat is very stable and has all of the features of a commercial web application container, yet comes under the open source Apache License. Tomcat also provides additional functionality that makes it a great choice for developing a complete web application solution. Some of the additional features provided by Tomcat—other than being open source and free—include the Tomcat Manager application, specialized realm implementations, and Tomcat valves.

  Currently supported versions of Apache Tomcat are 5.5X, 6.0X, and 7.0X. Versions earlier than 5.5 are still available for download, but they are archived and no support is available for them, so users are encouraged to use the latest possible version of Tomcat where available.

  Major versions of Apache Tomcat coincide with released versions of the Java Servlet specification, or Java Servlet API. So, Tomcat 5.5X supports Servlet API 2.3, Tomcat 6.0X supports Servlet API 2.4, and the latest Tomcat 7.0 is a reference implementation of the current Servlet API 3.0. In addition to Servlet API versions, Tomcat versions support corresponding JSP API versions.

  The JVM compatibility also depends on the version chosen. Table 1-1 provides a cross-reference of Tomcat versions, supported JVM versions, and Servlet API and JSP API releases.

  Table 1-1. Tomcat Versions and Supported API and JDK Versions

  Apache Tomcat   Servlet API   JSP API   JDK
  7.0             3.0           2.2       1.6
  6.0             2.5           2.1       1.5
  5.5             2.4           2.0       1.4
  4.1             2.3           1.2       1.3
  3.0             2.2           1.1       1.1

  This book will cover version 7 of the Apache Tomcat Server. However, most of the content can be applied to versions 5.5 and 6—where that is not possible, it will be clearly stated.

  The Tomcat Manager Web Application

  The Tomcat Manager web application is packaged with the Tomcat server. It is installed in the context path of /manager and provides the basic functionality to manage web applications running in the Tomcat server from any web browser. Some of the provided functionality includes the ability to install, start, stop, remove, and report on web applications. Chapter 4 covers the details of the Tomcat Manager web application.

  Specialized Realm Implementations

  Tomcat provides container-managed security methods for protecting resources within the container. These “databases” of users that can be authenticated by the container are called realms.

  We will cover two types of realms supported by Tomcat in more detail: MemoryRealm, where user information is simply read from a file and stored in memory, and JDBCRealm, which uses a relational database to store users. You can read more about realms with examples in Chapter 6.

  Tomcat Valves